From 8db2022f84efcaeae4a4fc1f56bdd87ab4296e5a Mon Sep 17 00:00:00 2001
From: Khoa Nguyen
Date: Mon, 12 Aug 2024 15:20:37 +0700
Subject: [PATCH] StudentQuiz: can we mitigate the potential XSS risks? #812360
---
 lib.php | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/lib.php b/lib.php
index c0bac58d..ab08f8d5 100755
--- a/lib.php
+++ b/lib.php
@@ -73,6 +73,22 @@ function studentquiz_supports($feature) {
 }
 }
 
+/**
+ * Callback immediately after require_login succeeds.
+ */
+function studentquiz_after_require_login() {
+ global $PAGE, $CFG, $COURSE;
+ if ($PAGE->activityname === 'studentquiz') {
+ $CFG->forceclean = true;
+ } else if ($catparam = optional_param('cat', null, PARAM_SEQUENCE)) {
+ [, $contextid] = explode(',', $catparam);
+ $instanceid = context::instance_by_id($contextid)->instanceid;
+ if (get_course_and_cm_from_cmid($instanceid, 'studentquiz', $COURSE)) {
+ $CFG->forceclean = true;
+ }
+ }
+}
+
 /**
 * Saves a new instance of the StudentQuiz into the database
 *
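Review bot: The `cat` branch of `studentquiz_after_require_login()` runs after every successful login check on the site, yet it treats the request parameter as always well-formed and always pointing at a StudentQuiz module context. A value without a comma leaves `$contextid` unset, `context::instance_by_id()` defaults to MUST_EXIST, and, as far as I know, `get_course_and_cm_from_cmid()` throws rather than returning false when the id is not a studentquiz course module, so question-bank pages in course or quiz contexts that pass `cat` would likely fail with an exception instead of simply skipping `forceclean`. I would check the split result, look the context up with IGNORE_MISSING, require CONTEXT_MODULE, and use a lookup that returns false on a miss, as sketched below. The docblock could also say why `$CFG->forceclean` is switched on here (to force cleaning of rendered text as an XSS mitigation for StudentQuiz content), since the one-line summary only says when the callback fires.

```php
    // … unchanged: $PAGE->activityname === 'studentquiz' branch …
    } else if ($catparam = optional_param('cat', null, PARAM_SEQUENCE)) {
        // 'cat' is request-controlled: tolerate a missing or unknown context id.
        $parts = explode(',', $catparam);
        $context = isset($parts[1]) ? context::instance_by_id((int) $parts[1], IGNORE_MISSING) : false;
        if ($context && $context->contextlevel == CONTEXT_MODULE) {
            // Returns false (no exception) when the cm is not a studentquiz instance.
            if (get_coursemodule_from_id('studentquiz', $context->instanceid)) {
                $CFG->forceclean = true;
            }
        }
    }
```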